一、autoTest 测试环境 Ubuntu 24.04.3 192.168.200.151 testing-middleware 2C16G400G 192.168.200.152 testing-application 2C4G300G 【注:数据持久化目录 /opt/Hjdata/,据将全部写入宿主 /opt/Hjdata/ 目录,容器重启或升级后数据不丢失】 每个中间件单独创建子目录 /opt/Hjdata/mysql /opt/Hjdata/minIO /opt/Hjdata/redis /opt/Hjdata/rmq /opt/Hjdata/mongodb /opt/Hjdata/mongodb_express /opt/Hjdata/xxl-job /opt/Hjdata/nacos 二、中间件镜像版本清单 MySQL: harbor.evermodel.ai:8721/infra/mysql:8.4.5 Redis: harbor.evermodel.ai:8721/infra/redis:7.4 MinIO: harbor.evermodel.ai:8721/infra/mino/minio:RELEASE.2023-03-20T20-16-18Z 保持在web阉割版本最后 MongoDB: harbor.evermodel.ai:8721/infra/mongo:8.0.10 MongoDB-express: harbor.evermodel.ai:8721/infra/mongo-express:1.0.2 Elasticsearch: harbor.evermodel.ai:8721/infra/elasticsearch:8.18.3 Kibana: harbor.evermodel.ai:8721/infra/kibana:8.18.3 Rocketmq:5.3.3 harbor.evermodel.ai:8721/infra/rocketmq:5.3.3 Rocketmq-dashboard:2.1.0 harbor.evermodel.ai:8721/infra/rocketmq-dashboard:2.1.0 XXL-JOB: harbor.evermodel.ai:8721/infra/xuxueli/xxl-job-admin:3.1.1 Nacos: harbor.evermodel.ai:8721/infra/nacos/nacos-server:v2.3.2-slim 三、docker run 中间件清单 3.1、MySQL: harbor.evermodel.ai:8721/infra/mysql:8.4.5 1、启动mysql8.4.5 docker run -d \ --name mysql-8_4_5 \ --restart=always \ -p 3306:3306 \ -e MYSQL_ROOT_PASSWORD='pnh8M7gRt%6E' \ -e MYSQL_USER=dev \ -e MYSQL_PASSWORD='pnh8M7gRt%6E' \ -e TZ=Asia/Shanghai \ -v /opt/Hjdata/mysql:/var/lib/mysql \ harbor.evermodel.ai:8721/infra/mysql:8.4.5 2、验证 mysql -h192.168.200.151 -P3306 -udev -ppnh8M7gRt%6E 把dev 授权 xxl-job权限,后面 xxl-job 要用 docker exec -it mysql-8_4_5 mysql -uroot -p'pnh8M7gRt%6E' GRANT ALL PRIVILEGES ON `xxl-job`.* TO 'dev'@'%'; FLUSH PRIVILEGES; MySQL 8 默认使用 caching_sha2_password,老客户端/驱动(包括 XXL-JOB 内置的 5.x 驱动)无法认证,表现为“连得上、库看不见”。 把 dev 的认证插件改回 mysql_native_password 即可 3.2、Redis: harbor.evermodel.ai:8721/infra/redis:7.4 # 先创建宿主导线目录 mkdir -p /opt/Hjdata/redis/data /opt/Hjdata/redis/conf # 可选:提前写一份最小配置(非必须,但推荐) cat >/opt/Hjdata/redis/conf/redis.conf <<EOF requirepass 123456 save 900 1 save 300 10 save 60 10000 dir /data appendonly yes EOF # 启动容器 docker run -d --name redis-7_4 \ --restart=always \ -p 16379:6379 \ -v /opt/Hjdata/redis/data:/data \ -v /opt/Hjdata/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf \ harbor.evermodel.ai:8721/infra/redis:7.4 \ redis-server /usr/local/etc/redis/redis.conf 2、连接验证 redis-cli -h 192.168.200.151 -p 16379 -a 123456 ping redis-cli -h 192.168.200.151 -p 16379 ping 3.3、MinIO: harbor.evermodel.ai:8721/infra/mino/minio:RELEASE.2023-03-20T20-16-18Z 保持在web阉割版本最后 1、拉取指定版本镜像 docker pull minio/minio:RELEASE.2025-04-22T22-12-26Z 2、docker启动镜像 docker run -d --name minio \ --restart=always \ -p 9010:9000 \ -p 9020:9001 \ -e "MINIO_ROOT_USER=admin" \ -e "MINIO_ROOT_PASSWORD=admin123456" \ -v /opt/Hjdata/minIO:/data \ minio/minio:RELEASE.2025-04-22T22-12-26Z \ server /data --console-address ":9001" 3、参数说明 -p 9010:9000 把宿主的 9010 映射到容器的 9000(S3-API 端口) -p 9020:9001 把宿主的 9020 映射到容器的 9001(Web 控制台端口) --console-address ":9001" 明确让控制台监听 9001,避免与 API 端口冲突 4、mc命令 mc alias set local http://192.168.200.151:9010 admin admin123456 mc ls local 3.4、 MongoDB: harbor.evermodel.ai:8721/infra/mongo:8.0.10 # 1. 创建宿主导线目录并赋权(官方镜像默认 UID 999) sudo mkdir -p /opt/Hjdata/mongodb sudo chown -R 999:999 /opt/Hjdata/mongodb # 2. 启动容器 docker run -d --name mongo-8_0_10 \ --restart=always \ --network host \ -e MONGO_INITDB_ROOT_USERNAME=root \ -e MONGO_INITDB_ROOT_PASSWORD=123456 \ -v /opt/Hjdata/mongodb:/data/db \ harbor.evermodel.ai:8721/infra/mongo:8.0.10 #3.验证连接 mongosh mongodb://root:123456@192.168.200.151:27017/admin --eval MongoDB-express: harbor.evermodel.ai:8721/infra/mongo-express:1.0.2 # 1. 准备宿主导线目录并赋权(镜像默认 UID 1000) sudo mkdir -p /opt/Hjdata/mongodb_express sudo chown -R 1000:1000 /opt/Hjdata/mongodb_express # 2. 启动容器 docker run -d --name mongo-express \ --restart=always \ -p 18081:8081 \ -e ME_CONFIG_MONGODB_ADMINUSERNAME=root \ -e ME_CONFIG_MONGODB_ADMINPASSWORD=123456 \ -e ME_CONFIG_MONGODB_URL=mongodb://root:123456@192.168.200.151:27017/admin?authSource=admin \ -e ME_CONFIG_BASICAUTH_USERNAME=mongo \ -e ME_CONFIG_BASICAUTH_PASSWORD=mongo \ -e ME_CONFIG_SITE_BASEURL=/ \ -v /opt/Hjdata/mongodb_express:/data \ harbor.evermodel.ai:8721/infra/mongo-express:1.0.2 3.5、 Elasticsearch: harbor.evermodel.ai:8721/infra/elasticsearch:8.18.3 # 1. 准备宿主导线目录并赋权(镜像默认 UID 1000) sudo mkdir -p /opt/Hjdata/es sudo chown -R 1000:1000 /opt/Hjdata/es # 2. 启动容器 docker run -d --name elasticsearch \ --restart=always \ -p 9200:9200 \ -p 9300:9300 \ -e "discovery.type=single-node" \ -e "ELASTIC_PASSWORD=admin1234" \ -e "xpack.security.enabled=true" \ -v /opt/Hjdata/es:/usr/share/elasticsearch/data \ harbor.evermodel.ai:8721/infra/elasticsearch:8.18.3 Kibana: harbor.evermodel.ai:8721/infra/kibana:8.18.3 sudo chown -R 1000:1000 /opt/Hjdata/kibana 在 ES 里给 kibana_system 设密码(只需一次) bash 复制 # 进入 ES 容器 docker exec -it elasticsearch bash # 设密码(与 elastic 保持一致,方便记忆) bin/elasticsearch-reset-password -u kibana_system -i # 提示输入新密码:admin1234 docker run -d --name kibana \ --restart=always \ -p 5601:5601 \ -e ELASTICSEARCH_HOSTS=http://192.168.200.151:9200 \ -e ELASTICSEARCH_USERNAME=kibana_system \ -e ELASTICSEARCH_PASSWORD=admin1234 \ -e XPACK_SECURITY_ENCRYPTIONKEY=abcdefghijklmnopqrstuvwxyz123456 \ -v /opt/Hjdata/kibana:/usr/share/kibana/data \ harbor.evermodel.ai:8721/infra/kibana:8.18.3 踩坑: Kibana 8.x 要求 xpack.security.encryptionKey 至少 32 字符 [2025-10-22T07:51:12.506+00:00][FATAL][root] Reason: [config validation of [xpack.security].encryptionKey]: value has length [20] but it must have a minimum length of [32]. Error: [config validation of [xpack.security].encryptionKey]: value has length [20] but it must have a minimum length of [32] Kibana 8.x 禁止直接用内置超级用户 elastic 连接集群,要求使用 Kibana 系统账号 或 服务账户 token。 最简解决:改用 内置的 kibana_system 账号(密码跟 elastic 相同,都是 admin1234),再额外给它赋权即可。 Error: [config validation of [elasticsearch].username]: value of "elastic" is forbidden. This is a superuser account that cannot write to system indices that Kibana needs to function. Use a service account token instead. Learn more: https://www.elastic.co/guide/en/elasticsearch/reference/8.0/service-accounts.html at ensureValidConfiguration (/usr/share/kibana/node_modules/@kbn/core-config-server-internal/src/ensure_valid_configuration.js:44:11) at Server.preboot (/usr/share/kibana/node_modules/@kbn/core-root-server-internal/src/server.js:181:7) at Root.preboot (/usr/share/kibana/node_modules/@kbn/core-root-server-internal/src/root/index.js:48:14) at bootstrap (/usr/share/kibana/node_modules/@kbn/core-root-server-internal/src/bootstrap.js:96:29) at Command.<anonymous> (/usr/share/kibana/src/cli/serve/serve.js:235:5) FATAL Error: [config validation of [elasticsearch].username]: value of "elastic" is forbidden. This is a superuser account that cannot write to system indices that Kibana needs to function. Use a service account token instead. Learn more: https://www.elastic.co/guide/en/elasticsearch/reference/8.0/service-accounts.html 3.6 Rocketmq:5.3.3 harbor.evermodel.ai:8721/infra/rocketmq:5.3.3 Rocketmq-dashboard:2.1.0 harbor.evermodel.ai:8721/infra/rocketmq-dashboard:2.1.0 1、准备 mkdir -p /opt/Hjdata/rmq/{namesrv,broker,dashboard}/{logs,store} docker network create rmq-net # 统一网络,替代 --link 2、NameServer docker run -d --name rmqnamesrv \ --restart=always \ --network rmq-net \ -p 9876:9876 \ -v /opt/Hjdata/rmq/namesrv/logs:/home/rocketmq/logs \ -v /opt/Hjdata/rmq/namesrv/store:/home/rocketmq/store \ harbor.evermodel.ai:8721/infra/rocketmq:5.3.3 \ sh mqnamesrv 3、Broker + Proxy docker run -d --name rmqbroker \ --restart=always \ --network rmq-net \ -p 8081:8081 \ -e NAMESRV_ADDR=rmqnamesrv:9876 \ -v /opt/Hjdata/rmq/broker/logs:/home/rocketmq/logs \ -v /opt/Hjdata/rmq/broker/store:/home/rocketmq/store \ --user 0 \ harbor.evermodel.ai:8721/infra/rocketmq:5.3.3 \ sh mqbroker -n rmqnamesrv:9876 --enable-proxy 4、Dashboard docker run -d --name rmq-dashboard \ --restart=always \ --network rmq-net \ -p 8082:8082 \ -e JAVA_OPTS="-Drocketmq.namesrv.addr=rmqnamesrv:9876" \ -v /opt/Hjdata/rmq/dashboard/logs:/tmp/logs \ harbor.evermodel.ai:8721/infra/rocketmq-dashboard:2.1.0 docker 看容器内监听端口 docker inspect rmq-dashboard --format='{{range $p,$conf := .Config.ExposedPorts}}{{$p}}{{"\n"}}{{end}}' 4、验证 NameServer:telnet 192.168.200.151 9876 Proxy:curl http://192.168.200.151:8081/version Dashboard:浏览器打开 http://192.168.200.151:8082 → “集群” 页能看到 broker 即正常。 3.7、 XXL-JOB: harbor.evermodel.ai:8721/infra/xuxueli/xxl-job-admin:3.1.1 docker run -d --name xxl-job-admin \ --restart=always \ -p 18080:8080 \ -e PARAMS="--server.port=8080 --xxl.job.accessToken=evermodel.ai" \ -v /opt/Hjdata/xxl-jobs:/data/applogs \ harbor.evermodel.ai:8721/infra/xuxueli/xxl-job-admin:3.1.1 最终命令: docker run -d --restart=always \ -e PARAMS="--spring.datasource.url=jdbc:mysql://192.168.200.151:3306/xxl_job?autoReconnect=true&useAffectedRows=true&characterEncoding=UTF-8&allowMultiQueries=true&serverTimezone=Asia/Shanghai&useSSL=false&allowPublicKeyRetrieval=true \ --spring.datasource.username=dev \ --spring.datasource.password=pnh8M7gRt%6E \ --xxl.job.accessToken=evermodel.ai" \ -p 18080:8080 \ --name xxl-job-admin harbor.evermodel.ai:8721/infra/xuxueli/xxl-job-admin:3.1.1 验证: http://192.168.200.151:18080/xxl-job-admin/toLogin 3.8、 Nacos: harbor.evermodel.ai:8721/infra/nacos/nacos-server:v2.3.2-slim docker run -d --name nacos-server \ -p 8848:8848 \ -p 9848:9848 \ --privileged=true \ --restart=always \ -e MODE=standalone \ -e JVM_XMS=2048m \ -e JVM_XMX=2048m \ -e JVM_XMN=256m \ -e MYSQL_SERVICE_HOST=192.168.200.151 \ -e MYSQL_SERVICE_PORT=3306 \ -e MYSQL_SERVICE_DB_NAME=nacos_config \ -e MYSQL_SERVICE_USER=dev \ -e MYSQL_SERVICE_PASSWORD=pnh8M7gRt%6E \ -e NACOS_AUTH_ENABLE=true \ -e NACOS_AUTH_IDENTITY_KEY=admin \ -e NACOS_AUTH_IDENTITY_VALUE=admin \ -e NACOS_AUTH_TOKEN=SecretKey10012345678901234567qwertyuioplkjhgfd8999987654901234567890123456789 \ -v /opt/Hjdata/nacos/application.properties:/home/nacos/conf/application.properties \ harbor.evermodel.ai:8721/infra/nacos/nacos-server:v2.3.2-slim
浙公网安备 33010602011771号